* Thu Dec 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.17-1

- Update samba-bgqd policy
Resolves: RHEL-69512
- Allow samba-bgqd read cups config files
Resolves: RHEL-69512
- Allow virtqemud additional permissions for tmpfs_t blk devices
Resolves: RHEL-61235
- Allow virtqemud rw access to svirt_image_t chr files
Resolves: RHEL-61235
- Allow virtqemud rw and setattr access to fixed block devices
Resolves: RHEL-61235
- Label /etc/mdevctl.d/scripts.d with bin_t
Resolves: RHEL-39893
- Fix the /etc/mdevctl\.d(/.*)? regexp
Resolves: RHEL-39893
- Allow virtnodedev watch mdevctl config dirs
Resolves: RHEL-39893
- Make mdevctl_conf_t member of the file_type attribute
Resolves: RHEL-39893
- Label /etc/mdevctl.d with mdevctl_conf_t
Resolves: RHEL-39893
- Allow virtqemud relabelfrom virt_log_t files
Resolves: RHEL-48236
- Allow virtqemud_t relabel virtqemud_var_run_t sock_files
Resolves: RHEL-48236
- Allow virtqemud relabelfrom virtqemud_var_run_t dirs
Resolves: RHEL-48236
- Allow svirt_tcg_t read virtqemud_t fifo_files
Resolves: RHEL-48236
- Allow virtqemud rw and setattr access to sev devices
Resolves: RHEL-69128
- Allow virtqemud directly read and write to a fixed disk
Resolves: RHEL-61235
- Allow svirt_t the sys_rawio capability
Resolves: RHEL-61235
- Allow svirt_t the sys_rawio capability
Resolves: RHEL-61235
- Allow virtqemud connect to sanlock over a unix stream socket
Resolves: RHEL-44352
- allow gdm and iiosensorproxy talk to each other via D-bus
Resolves: RHEL-70850
- Allow sendmail to map mail server configuration files
Related: RHEL-54014
- Allow procmail to read mail aliases
Resolves: RHEL-54014
- Grant rhsmcertd chown capability & userdb access
Resolves: RHEL-68481
This commit is contained in:
Zdenek Pytela 2024-12-12 21:18:45 +01:00
parent bfa35b4ec0
commit a789dba85b
3 changed files with 52 additions and 4 deletions

View File

@ -1,3 +1,51 @@
* Thu Dec 12 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.17-1
- Update samba-bgqd policy
Resolves: RHEL-69512
- Allow samba-bgqd read cups config files
Resolves: RHEL-69512
- Allow virtqemud additional permissions for tmpfs_t blk devices
Resolves: RHEL-61235
- Allow virtqemud rw access to svirt_image_t chr files
Resolves: RHEL-61235
- Allow virtqemud rw and setattr access to fixed block devices
Resolves: RHEL-61235
- Label /etc/mdevctl.d/scripts.d with bin_t
Resolves: RHEL-39893
- Fix the /etc/mdevctl\.d(/.*)? regexp
Resolves: RHEL-39893
- Allow virtnodedev watch mdevctl config dirs
Resolves: RHEL-39893
- Make mdevctl_conf_t member of the file_type attribute
Resolves: RHEL-39893
- Label /etc/mdevctl.d with mdevctl_conf_t
Resolves: RHEL-39893
- Allow virtqemud relabelfrom virt_log_t files
Resolves: RHEL-48236
- Allow virtqemud_t relabel virtqemud_var_run_t sock_files
Resolves: RHEL-48236
- Allow virtqemud relabelfrom virtqemud_var_run_t dirs
Resolves: RHEL-48236
- Allow svirt_tcg_t read virtqemud_t fifo_files
Resolves: RHEL-48236
- Allow virtqemud rw and setattr access to sev devices
Resolves: RHEL-69128
- Allow virtqemud directly read and write to a fixed disk
Resolves: RHEL-61235
- Allow svirt_t the sys_rawio capability
Resolves: RHEL-61235
- Allow svirt_t the sys_rawio capability
Resolves: RHEL-61235
- Allow virtqemud connect to sanlock over a unix stream socket
Resolves: RHEL-44352
- allow gdm and iiosensorproxy talk to each other via D-bus
Resolves: RHEL-70850
- Allow sendmail to map mail server configuration files
Related: RHEL-54014
- Allow procmail to read mail aliases
Resolves: RHEL-54014
- Grant rhsmcertd chown capability & userdb access
Resolves: RHEL-68481
* Fri Nov 29 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.16-1 * Fri Nov 29 2024 Zdenek Pytela <zpytela@redhat.com> - 40.13.16-1
- Fix the file type for /run/systemd/generator - Fix the file type for /run/systemd/generator
Resolves: RHEL-68313 Resolves: RHEL-68313

View File

@ -5,7 +5,7 @@
# github repo with selinux-policy sources # github repo with selinux-policy sources
%global giturl https://github.com/fedora-selinux/selinux-policy %global giturl https://github.com/fedora-selinux/selinux-policy
%global commit 3f0002adb63d7da7f8dcb203925b9ba6d10301c3 %global commit 78847c4bcc0b30d4f89ac04004934a95c57bcd35
%global shortcommit %(c=%{commit}; echo ${c:0:7}) %global shortcommit %(c=%{commit}; echo ${c:0:7})
%define distro redhat %define distro redhat
@ -17,7 +17,7 @@
%define CHECKPOLICYVER 3.2 %define CHECKPOLICYVER 3.2
Summary: SELinux policy configuration Summary: SELinux policy configuration
Name: selinux-policy Name: selinux-policy
Version: 40.13.16 Version: 40.13.17
Release: 1%{?dist} Release: 1%{?dist}
License: GPL-2.0-or-later License: GPL-2.0-or-later
Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz Source: %{giturl}/archive/%{commit}/%{name}-%{shortcommit}.tar.gz

View File

@ -1,3 +1,3 @@
SHA512 (selinux-policy-3f0002a.tar.gz) = 51b525de3f63b3a9e2a2394826fd7bad0e32b22fc8a0b2cdd53d7580d2f07382732e20f4e8a0535acafb777f41b473fb9ed04f7927c11e25273f3861baf6d6a9 SHA512 (selinux-policy-78847c4.tar.gz) = 76d87a323225bf68a212801f3ceba8a70070080793144006dbc7b3e88eae46a9a9b63c3f0e2a9fe823be6fc5fc8bcf6b996f5e21242a2b46747471ccca317ab1
SHA512 (container-selinux.tgz) = af2b1c6e9aa6762e6dd388d1ca5568f067f715514335c8b70400fc1282979f2a377c6797c9d43ceaccf17caa45a52b9d39e9d3a425286209f0be250bcaf71ae9
SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4 SHA512 (macro-expander) = 243ee49f1185b78ac47e56ca9a3f3592f8975fab1a2401c0fcc7f88217be614fe31805bacec602b728e7fcfc21dcc17d90e9a54ce87f3a0c97624d9ad885aea4
SHA512 (container-selinux.tgz) = 1211d3b8da0d12e15d3757d40a256ccd1fb786c895d051cd91d5f4725b1ea30bbdaa20e8a5fd2c8130b9cd1711f9784670b05e0883840e297755841f5a309903